Meta

Archive for March, 2008

I bought a fused power cable at the hamfest in Maryland this weekend so I could install my mobile ham radio in my 1996 Ford Taurus. There was just one problem: getting the cable from the battery in the engine compartment to the passenger compartment. In between these two sections is the firewall, and the firewall on the Ford Taurus is notoriously hard to get through. Many other vehicles have unused or underused grommets that a cable can be passed through, but preliminary investigations on the web revealed only one unused grommet in the Ford Taurus, but I couldn’t even locate it. I’m writing this blog post so that anyone else who finds themselves in a similar situation will know what to do, whether they’re powering a ham radio, subwoofer, amp, whatever.

Since I couldn’t find a grommet to pass the cable through, I ended up drilling a hole through the firewall near where the gas pedal wire goes through the firewall. I chose this location to drill because it was one of the few spots that was relatively unobstructed on both sides of the firewall. I was worried about the wires potentially interfering with the movement of the gas pedal in the passenger compartment, but I came up with a solution (more on that later).

The place you want to drill through is directly to the left of the circular metal pad surrounding where the throttle wire passes through the firewall. Drill from the inside of the vehicle; the engine compartment is way too cramped. The foot well is cramped too, but doable. You’ll have to lie with your back on the lip of the doorway and your feet on the ground. I recommend using a power drill plugged into 120VAC from an extension cord. Battery-powered drills are more bulky and might not fit in the cramped space inside the foot well, and you’re going to need a lot of power to get through that firewall (you are drilling through fireproof metal, after all).

Fig. 1: The hole in the firewall where the cable passes through. The two black cylinders contain the fuses. The hole in the insulation is a bit bigger than the hole in the metal firewall underneath, which is just big enough to fit the cable.

My power cable consisted of a red and a black wire joined together, so it was significantly larger in one dimension. Thus, I had to cut out a tall hole that would allow the wire to pass through. A neat trick is to drill two separate close-by holes with a smaller drill bit, then keep drilling with larger drill bits until the two holes merge. Then you’ll be able to fit your non-circular wire through. Also, I definitely recommend wearing a heavy duty leather glove on the hand that’s holding the drill. I wasn’t, and I left a good bit of skin on the sharp steel vent when I scraped my finger against it after the drill abruptly pierced through to the other side of the firewall.

Overall, I give the hamfest mixed reviews. I’ll start with the negatives first so we can end on a positive note. Most of the negatives stem from my misconceptions of what this hamfest was. I was expecting a convention where the main activity is chatting up fellow hams and checking out cool rigs, but this hamfest turned out to be basically a large flea market, with a good mix of professional and not-so-professional vendors. It had a $10 per head admission charge.

The computer part of the show was just outright crap. Most of the computers on sale looked like they were acquired by the pallet-load from public auction, and simply weren’t worth buying even at the low asking price of $100-$200. I swear, some of those computers were pushing ten years old. If you wanted cheap and/or used peripherals though, this was your place (yay for $5 three generation old non-scroll-wheel optical mice). And if you want to risk all of the rest of your expensive computer components on shady unmarked power supplies, this was your opportunity! In the end, I just couldn’t justify spending any money on the computer stuff, so I didn’t. I’ll take NewEgg any day of the year. The tailgating part was especially depressing; a bunch of people (some of them hucksters) were selling miscellaneous computer and electronics junk set up on cheap tables out in the parking lot. I saw electronics equipment that was decades old. Who wants this stuff?!

There were lots of vendors selling vacuum tubes of all shapes and sizes, tens of thousands of them. The average price was about $1.00 per tube, which my dad says is less than they used to cost decades ago when they were still widely used (and that’s not taking inflation into account). None of the tubes were manufactured in the past few decades either. It’s like the transistor exploded onto the electronics scene so quickly and so completely that the inventory of tubes the manufacturers happened to have on-hand at the time was more than enough to satisfy the entire lingering tube market in perpetuity.

A lot of the vendors were, and there’s no other way to put it, shady. I wouldn’t go so far as to accuse them of having outright stolen what they were selling, but a lot of it wasn’t on the level, starting with the fact that most people weren’t charging sales tax and probably weren’t even reporting their sales to the IRS. There was no way to verify if a lot of things that were on sale were actually working, and presumably no way to return them if they weren’t. I’m also not intimately familiar with most of the kinds of things that were on sale, and I would have no idea if I was getting a good deal or a bad deal.

WordPress 2.5 is out today and it looks mighty impressive. I’m going to wait a few days for reports of compatibility with the plugins I’m using before I upgrade, but after that, expect to see WordPress 2.5 on this blog soon.

Looking through the changes list, I did notice one odd thing. WordPress 2.5 finally adds salt to stored password hashes. It’s nearly inconceivable to me that WordPress went so long without salted passwords — it’s an incredibly important security technique that essentially has zero implementation cost. When I was helping to design the software infrastructure that powers Veropedia, I made sure that password hash salting was in our alpha. And yet it takes the fine folks over at WordPress until version 2.5 to implement it? Did they not realize how important it is to security?

Here’s why password salting is so important. The naive algorithm for storing login passwords in a database is to store them as plaintext. User tries to login, the inputted password is matched against the password field under their username in the database, and if it matches, the login is successful. The reason this is terrible security practice is because if the database is compromised (which is surprisingly easy to accomplish even remotely using SQL injection) the entire list of passwords can be revealed, compromising the entire site and everyone who is registered to use it.

So the next step in the evolution of login security (and this happened decades ago) was to use a one-way function called a hash function to store the password in the database. I won’t go into the details of how a hash function works, but the key point to know is that it is one way: given an input, you can quickly calculate the output, but given the output, you cannot calculate what the input was. So, now password hashes are stored in the database instead of the raw password, and when a user goes to log in, their input is hashed and compared against the value in the database. This is what WordPress used up until version 2.5.

There’s just one major flaw with this seemingly secure system. There are only a few widely-used hash algorithms, and they all necessarily run quickly on small inputs, so it’s trivial to pre-compute a huge list of potential passwords and their associated hash values. This is called a rainbow table, and larger rainbow tables have trillions of entries in them, pretty much guaranteeing a successful attack against less secure passwords (short ones, ones that don’t use numbers and punctuation, etc.). So we’re pretty much back to square one: database is compromised, the hashed passwords are compared with the rainbow table nearly instantaneously, and lots of accounts can be compromised.

In my idle time I occasionally like to over-analyze some of the visitor stats of this blog. One could go crazy trying to find a hidden meaning in the random traffic fluctuations, so instead I focus on the search engine terms that bring people to this site. They can be funny at times. Sure, there are lots of kids searching for Zwinky (which I wrote about awhile back). There are always lots of searches for space that somehow manage to find my post on space debris. And the Russian hiker mystery has been a popular topic since I first wrote about it.

But all of these search results are pedestrian. Yesterday, however, someone came to my blog on the search term “how to marry rich”. Presumably they’re finding my blog entry commenting on a ridiculous article on MSNBC about how to marry the ultra-rich. But reading that short blog post, I realized I never cut loose and expressed how I really feel about the topic. For the purposes of this blog post I’m going to be talking about female gold diggers, because a man getting really rich by marriage is a much rarer occurrence (in more ways than one).

If your goal in life is nothing more than to marry someone who’s rich and have everything taken care of without having to put in any work on your own beyond landing the rich guy, you’re basically admitting that you have no value to society, and the only worthwhile aspects to you are your looks and your “charm”. The vast majority of people who succeed in life do it on their own merits by putting in hard work to make a decent living for themselves. The number of people who are able to circumvent that process and just leech off of someone else’s success is very small (much smaller than it used to be when many women didn’t work). It’s hardly a goal worth aspiring to.

Sure, trophy wives may lead comfortable lives, but very few people respect them. They took the easy way out. They cheated. Sure, they live in large houses and drive expensive cars, but what about their self-esteem? It would drag me down every day just knowing that I never really did anything with my life. “Trophy wife” is an insult instead of a term of endearment for a reason — although society doesn’t prohibit people marrying for money, it sure as hell looks down upon it. Can you really be proud of yourself knowing that the only thing separating you from a hobo out on the street is that you managed to land a rich guy?

The basic fabric of society is structured around rewarding those who put in work. Obviously it wouldn’t work any other way. Don’t want to be a hobo? Get a job and make something of yourself. Want a nice car? Ditto. But marrying for money is circumventing that whole system. Trophy wives are a drain on society. They’re nothing more than a glorified call girl with a clientèle list of one (if they’re faithful) — because let’s be honest, they’re trading sex, their looks, and their wombs to a man in exchange for leeching off his income for the rest of their life without actually contributing to society.

And it goes nearly without saying that someone querying Google on how to marry rich is not the kind of person who is going to be successful at it. Hopefully that person who was searching for tips on the easy way out of marrying rich will meet with complete failure, return to Google in a couple month’s time to repeat the query, and then find themselves here reading this.

I was going to go see a local screening of Expelled here in Maryland on April 1 (quite the fitting date, actually) with my friend Andrew, but it was canceled. Andrew registered his name to attend and everything, but now the screening has simply vanished. I think Andrew and I just have a certain effect on creationists. In 2005 we went to go see Kent Hovind rail against science at a local church, and not a year later, he was serving ten years in prison on federal tax evasion charges. Whoopsies. Guess the promoters of Expelled didn’t want to take a chance of something similar happening to them if we managed to attend a screening?

Everyone knows that GIF images are limited to 256 colors, right? This has been accepted knowledge since before I started using the web back in 1995. The only problem is, it’s false (where are you now, Snopes?!). GIF images aren’t restricted to 256 colors. They never have been. It looks like people just plum forgot about a part of the specification that allows a way to get around the 256 color limit. File this factoid under your YLSNED folder. Here’s proof, in the form of a GIF image that includes much more than 256 colors:

I first learned how to program in TI-Basic on the TI-82 calculator my parents bought me for math camp (if that doesn’t establish nerd cred, I don’t know what does). This was back when I was in elementary school, so it was probably around 1994. The calculator came with a data link cable, and I remember exchanging games on the bus on the way to and from math camp. These were really simple games. One of them was a “racing” game, in which the “race car” was represented by a single character at the bottom of the screen and the path one had to race along was traced out by other characters heading towards the top of the screen. The game had something like 8 rows by 20 columns of display to work with, so it was pretty simplistic.

I remember how, one day, one of the older kids attending the camp showed me the Edit submenu under the Program menu. The whole world of computer science unfolded in front of me at that very instant. I was looking at the actual source code that made the racing game tick. It was foreign to me, but I wasted no time trying to figure it out. I started modifying the program immediately, piecing together a picture of the overall syntax of the language in my head based on what did and what did not cause the interpreter to whine. My first modifications were really simple, like changing the characters used for the car and the race track, making the points rack up a lot faster, or making the track narrow more slowly. I modified the game so that I could get much higher scores, which impressed the other kids on the bus — and even when they realized I was “cheating”, they were still impressed that I had modified the program.

It continued like this for many weeks, with me learning the language simply by hacking up other people’s programs. This alone demonstrates the huge benefit of open source software, something that the TI-82 was a natural platform for but more modern computing platforms unfortunately lack (imagine if kids today could immediately start hacking on all of those Flash games they play around with, for instance). I had basically taught myself TI-Basic, and since TI-Basic is a Turing-complete programming language, I had taught myself how to program, full stop. But of course my skills were still very rudimentary. Eventually I started trying to make my own games, but they just weren’t working. I hadn’t quite mastered the art of the game loop [deWiTTERS], that top-level control structure that implements the basic feedback loop of any game (get user input, change the game state, display the new state, repeat).

Cracking the game loop was actually a pretty large conceptual barrier to me. I had been writing mostly sequential code, with gotos for branching when decisions had to be made. It was messy, and the use of those gotos was preventing me from fully understanding what a loop was. I was kind-of-sort-of of implementing a loop, but it wasn’t handled consistently, and not everything always happened in the right order. I wish I had read the deWiTTERS article back then, because it would have saved me voluminous amounts of time.

Eventually I figured out the simplest form of game loop on my own, a loop that calculates the new state and then displays it with each iteration, terminating only when the game is over. That was as good as I figured out on the TI-82, because that thing was so slow even an unthrottled loop never ran too fast.

My friend Greg and I spent several nights this past week attempting to listen to amateur radio signals from the International Space Station (he’s been using Gpredict to find time windows of orbits close to us). Not only is one of the crew members on the station a ham, but they also have a fully functioning repeater on the station as well. The uplink frequency is 437.800 MHz and the downlink frequency is 145.800 MHz. I had my squelch turned to minimum and my volume set high, but I never heard anything but white noise. Oh sure, I fleetingly thought that I had a variety of contacts, but that was just my brain playing tricks on me. It’s a well-known psychological quirk that people can fool themselves into hearing meaningful noises in pure static, or seeing patterns in random shapes.

I spent twenty minutes on each of several different nights listening to white noise, straining with all my mental might to hear something amidst the cacophony. But we never heard anything. None of the orbits brought the ISS closer than 800 miles. It was simply too far for our receiving equipment. We both have 44-inch magnetic mount dual-band whip antennae, the kind that can be affixed to the top of a vehicle. They’re good for ground-based mobile operations, but not for trying to receive signals from space! For that, you really want a cross-polarized Yagi antenna on an altitude-azimuth mount (imagine how large ground-based telescopes are pointed and you’ve got it). And that represented a far larger investment in the hobby than either of us has made so far. Are receiving transmissions from space limited only to the upper echelons of the hobby? Is attempting it with entry-level equipment as foolish as someone with a cheap telescope from Wal-Mart searching for a new planet? I would soon find out.

After another annoyingly silent ISS pass last night, gpredict showed that the biological research satellite GeneSat-1 (see picture above) was passing almost directly overhead in another twenty minutes. It also happens to be equipped with a beacon operating in the 70cm amateur radio band. I was skeptical, and it was getting late, but I couldn’t miss the opportunity. This would be four times closer than any pass of the ISS so far (and thus sixteen times the signal strength, thank you inverse-square law), so I was hopeful. The frequency of GeneSat-1’s beacon is 437.067 MHz. I can only tune my radio in 5 KHz increments, but the Doppler shift of the orbit spreads the signal out enough that it would be heard on the frequency I tuned my radio to, 437.065 MHz, if indeed the signal was strong enough to be heard at all.

So again I turn the squelch all the way down and the volume up to almost painful levels (if you’re a fan of overblown metaphors, imagine a fighter pilot setting his afterburners to maximum, his plane roaring and rumbling around him). I listened intently as the minutes slowly ticked away. GeneSat-1 crested the horizon; nothing. It began rising higher and higher in the sky; still nothing, though my mind was now alerting on fake signals at an alarming rate, only for each to be rejected after a moment’s consideration.

4,000 US troops have now died in Iraq, along with hundreds of thousands of Iraqi civilians. Given that Iraq didn’t have weapons of mass destruction, we never did manage to loot their oil to lower our gas prices, their country is now less stable and more terrorist-friendly than in the Saddam era, and that it has cost us over a trillion dollars that we really can’t spare in these tough economic times, how in the fuck can anyone still argue that this war was worth it?!

And yet that’s exactly what John McCain is arguing. Someone explain to me how in the hell he even still has a chance at winning this thing?

I just got back from my family’s annual Easter holiday meal at my aunt and uncle’s house. That in itself is very average, but the strictly secular nature of it isn’t. Allow me to explain.

As far back as I can remember, we’ve gone to my aunt and uncle’s house for Easter. My aunt is the only Christian in the family (and barely at that?), so this is one of the two times of the year she can relive the traditions from her youth. She rather likes having the family together and eating the classic Easter foods. Everyone else in the family is pretty much Jewish, lapsed Jewish, or full-on atheist. As such, it’s not exactly a very religious occasion. Yeah, we have all the usual Easter foods, including the smoked ham which everyone ate (so much for keeping kosher). And we used to do the Easter egg hunt thing every year, but we “kids” have grown out of it. We watched March Madness basketball games on the television before and after the meal instead.

But the religious nature of it was completely missing. I only heard one reference to God the whole time, and that was when my dad made one of his usual faux pas comments, asking “Nobody here really believes Jesus died for our sins, right?” I didn’t hear anyone with an affirmative answer. I suppose that could be incredibly offensive at other people’s Easter celebrations, but we just sort of groaned at him a bit and continued eating.

To all those out there who don’t believe but are saddled with a family who does, just know that there is hope. The religious aspects can be cleanly excised from traditional celebrations such as Christmas and Easter, leaving in all of the fun parts while losing nothing of worth. After all, those two are based on Pagan holidays anyway. You can have as many chocolate eggs and Easter rabbits as your heart desires without any of the Christ.